When I login to a site, which is a "learning system" at my university, I have found that I cannot open a new tab with the same site open. When I do so, somehow the site is aware and displays the following message?

How on earth does the site know what tabs I have open on my computer? As far as I know, the front-end code shouldn't have any access to my private browser information. What accessible information could this site be using to determine that I have another tab open already?

I am accessing the site using a private computer, and the site being accessed isn't on a local network, it is being accessed through the internet. Therefore there is no internal monitoring software that could be causing this. I am using Google Chrome 24 Beta for Mac.

How do you open a new tab? Chances are they're checking referrers and when it sees you don't have one or you're originating from a page and landing on another that isn't in "Sequence" it bounces an error. It can also use a session variable/ip combination that tracks what page you're viewing.
–
Brad ChristieNov 19 '12 at 14:08

Do you see this message as soon as you open a new tab or after performing some action in the new tab? Do you see it if you open a tab via the "Open link in new tab" option?
–
Martin SmithNov 19 '12 at 14:25

2 Answers
2

One way to do this is via cookies and ids. Firstly, you are logged in to the site and have a session on there. This is managed using cookies; whenever you visit a page on the site, your browser will send a cookie which normally contains some kind of id. That way the server can identify any request coming from you, is really from you. So, in this case, both your original tab and your new tab will send the same cookie.

Secondly, it can also add another, different id (call it the page id), to any link or form you submit on the site. So a form on a page might contain the id 1234, and any links will also contain that id. Each new page you visit might contain a new id. So at any point, the site knows that next request from your browser (identified by the cookies) should also contain this other id. If you navigate around the site in a normal way, clicking on links, submitting forms, this will be true and all will be good.

Cases when your next request would NOT submit the expected, second id are:

you hit the back button (you would be sending an old page id)

you open a new tab (this depends on the browser, but if it opens the
same page you are already on in the original tab, it would be sending the current page
id, not the next page id, which the server expects)

Either way, you send a request with a page id the server doesn't expect and it can make a best guess as to what you did.

I believe it can be easily checked by looking at the page history in Javascript.

Something like:

if (history.length == 1){
// you can't see this, you're naughty and opened another tab..
// I think some browsers start at 0 and some at 1 so this might
// need wrapping in some browser identity code
}